Kerry-McCain Online Privacy Bill: Too Weak or Too Strong?

Senators John McCain and John Kerry have introduced an online privacy bill that would require companies to inform consumers when their personal data is being collected for marketing purposes and how it’s being shared.

“The bill, if it becomes law, would require companies to tell consumers why data was being collected, whom it would be shared with and how it would be safeguarded.

Companies collecting data must also allow consumers to opt out of some data collection and they must agree, or opt in, to the collection of sensitive data like medical conditions.

The bill would also press businesses to collect only the information needed for any particular transaction.”

The bill is supported by several technology companies such as HP, Microsoft and Intel, but some online marketing groups say the bill is too strong, while certain consumer advocate groups say the bill is too weak.

The Direct Marketing Association (DMA) said that it “is wary of any legislation that upsets the information economy without a showing of actual harm to consumers.” Conversely, the director of the Center for Digital Democracy, Jeff Chester, said, “I don’t think this is going to affect online marketing at all.” A spokesman for a privacy group called Consumer Watchdog added, “We cannot support it today,” according to Reuters.

Whether the proposed bill is indeed too weak or too strong, it’s hard to argue that it’s not at least a step in the right direction.

“If the bill becomes law, companies would be unable to collect identifying information — including names, e-mail addresses and credit-card numbers — without an individual’s consent. Sensitive data about religion, sexual identity and health would also be out of bounds unless the person consents.

Web companies would have to offer users the ability to opt out of data collection entirely, and businesses would have to make it clear how the data are being used.”

The ability to opt out of having your data collected entirely, though, could spell trouble for otherwise “free” websites and services that rely on selling user data to keep their offerings free. That being said, it’s already possible to opt out of data collection practices from some of the bigger online advertisers already (see: How to Opt Out of Everything Online).

But what happens if and when people are given the ability to preemptively opt out of data collection when they sign up for new websites and online services? That’s what’ll be most interesting to watch. If enough people opt out of data collection entirely, how will it affect various online revenue models?